Lucene search

22 matches found

CVE
added 2026/03/03 9:21 p.m., 6 views

CVE-2026-1775

The CVE-2026-1775 entry concerns Labkotec LID-3300IP ice detector software with a missing authentication for a critical function. An unauthenticated attacker can alter device parameters and execute operational commands by sending specially crafted packets to the device. According to the provided ...

CVSS 8.8, AI score 6, EPSS 0.00029
Exploits 0, References 1

RedHat Linux
added 2026/02/17 1:3 a.m., 0 views

kernel: Linux kernel ALSA USB audio driver: Buffer overflow leading to information disclosure and denial of service

A flaw was found in the ALSA USB audio driver of the Linux kernel. This vulnerability, a buffer overflow, occurs when the size of the Pulse-Code Modulation (PCM) stream data packets exceeds the maximum allowed by the USB descriptor. A local attacker could exploit this by providing specially crafted...

AI score 6.1, EPSS 0.00208
Exploits 0, References 5

RedhatCVE
added 2026/01/09 10:41 a.m., 5 views

CVE-2022-26211

Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the...

CVSS 9.8, AI score 8.6, EPSS 0.17336
Exploits 1, References 1

Cvelist
added 2025/12/09 8:9 a.m., 26 views

CVE-2025-41747 Reflected XSS vulnerability in pxc_vlanIntfCfg.php

An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web-based management (WBM). The vulnerability does not provide access to...

CVSS 7.1, EPSS 0.00125
Exploits 0, References 1

Cvelist
added 2025/12/09 8:7 a.m., 18 views

CVE-2025-41752 Reflected XSS vulnerability in pxc_portSfp.php

An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web-based management (WBM). The vulnerability does not provide access to system-level...

CVSS 7.1, EPSS 0.00125
Exploits 0, References 1

Positive Technologies
added 2025/12/09 12:0 a.m., 1 view

PT-2025-49817

An XSS vulnerability in pxc portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web-based management (WBM). The vulnerability does not provide access to system-lev...

CVSS 7.1, AI score 6.3, EPSS 0.00068
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-29803

Malware in sbrugna...

CVSS 9.3, AI score 8, EPSS 0.00086
Exploits 0, References 2

NVD
added 2025/09/02 8:15 a.m., 1 view

CVE-2025-41690

A low-privileged attacker in Bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive...

CVSS 7.4, EPSS 0.00038
Exploits 0, References 1

OSV
added 2025/07/04 1:37 p.m., 2 views

CVE-2025-38182 ublk: santizize the arguments from userspace when adding a device

In the Linux kernel, the following vulnerability has been resolved: ublk: santizize the arguments from userspace when adding a device. Sanity check the values for queue depth and number of queues we get from userspace when adding a device...

CVSS 7.8, AI score 6.4, EPSS 0.00067
Exploits 0, References 7

Cvelist
added 2025/06/06 3:29 p.m., 9 views

CVE-2025-5750 WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability

WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to...

CVSS 8.8, EPSS 0.00231
Exploits 0, References 1

NVD
added 2025/05/22 7:15 p.m., 6 views

CVE-2024-13947

Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS 7.1, EPSS 0.00291
Exploits 0, References 1

RedhatCVE
added 2025/02/05 10:29 p.m., 6 views

CVE-2022-45138

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the devic...

CVSS 9.8, AI score 6.7, EPSS 0.0162
Exploits 0, References 1

OSV
added 2023/02/27 3:15 p.m., 0 views

CVE-2022-45138

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the devic...

CVSS 9.8, AI score 5.8, EPSS 0.0162
Exploits 0, References 1

Prion
added 2022/09/13 3:15 p.m., 11 views

Default credentials

Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device...

CVSS 3.6, AI score 6.3, EPSS 0.00069
Exploits 0, References 1

Cvelist
added 2022/09/13 2:54 p.m., 11 views

CVE-2022-38069 Contec Health CMS8000

Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device...

CVSS 4.3, AI score 6.4, EPSS 0.00069
Exploits 0, References 1

Prion
added 2021/07/13 11:15 a.m., 11 views

Design/Logic Flaw

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier All versions, SIMATIC PCS 7 V9.X All versions V9.1 SP2, SIMATIC PDM All versions V9.2 SP2, SIMATIC STEP 7 V5.X All versions V5.7, SINAMICS STARTER containing STEP 7 OEM version All versions V5.4 SP2 HF1. A directory containing...

CVSS 7.2, AI score 8.5, EPSS 0.00029
Exploits 0, References 1, Affected Software 3

CVE
added 2021/01/29 1:22 p.m., 38 views

CVE-2021-25910

The CVE-2021-25910 entry involves ZIV AUTOMATION 4CCT-EA6-334126BF with an improper authentication flaw in the cookie parameter. This allows a local attacker, as an authenticated user, to modify several device parameters (impacting integrity). The primary affected component is the cookie handling...

CVSS 8, AI score 6.6, EPSS 0.00068
Exploits 0, References 1, Affected Software 1

CNVD
added 2020/04/23 12:0 a.m., 1 view

Tata Sonata Smart SF Rush Data Forgery Issue Vulnerability

Tata Sonata Smart SF Rush is a smart bracelet product from Tata India. The product supports features like calorie counting and sleep tracking. A security vulnerability exists in Tata Sonata Smart SF Rush version 1.12, which originates from an unencrypted over-the-air transmission and fails to...

CVSS 8.1, AI score 7, EPSS 0.01345
Exploits 1, References 1

CNVD
added 2020/04/03 12:0 a.m., 0 views

umount command injection vulnerability

umount is a package for uninstalling devices in Unix platforms. An injection vulnerability exists in umount 1.1.6 and earlier versions, which stems from the program cleaning up user-entered 'device' parameters. No details of the vulnerability are provided at this time...

CVSS 9.8, AI score 7.3, EPSS 0.01334
Exploits 0, References 1

Prion
added 2017/01/13 9:59 a.m., 14 views

Design/Logic Flaw

A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a devi...

CVSS 6.4, AI score 7.1, EPSS 0.00253
Exploits 0, References 3, Affected Software 1